Arbitrary File Upload Vulnerability in Phoca Downloads for Joomla
CVE-2026-57828

9CRITICAL

Key Information:

Vendor

Phoca.cz

Vendor
CVE Published:
11 July 2026

What is CVE-2026-57828?

The Phoca Downloads extension for Joomla contains a vulnerability that enables authenticated users to upload arbitrary executable files. This can lead to unauthorized remote code execution on the server, posing severe security risks. Proper security measures and updates are essential to mitigate this issue.

Affected Version(s)

phoca.cz Phoca Download extension for Joomla 1.0-6.1.2

References

CVSS V4

Score:
9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
Physical
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Phil Taylor
.